GHSA-r4gv-qr8j-p3pgHighCVSS 7.5

handlebars.java FileTemplateLoader Path Traversal

Published
June 17, 2026
Last Modified
June 17, 2026

🔗 CVE IDs covered (1)

📋 Description

Impact

Any application that passes user-controlled input to Handlebars.compile() using a FileTemplateLoader (or ClassPathTemplateLoader) is vulnerable to arbitrary file read. This is a realistic attack surface for web applications that use template names from URL path parameters, request parameters, or other user-controlled sources.

Patches

com.github.jknack:handlebars:4.5.2

Workarounds

Validate template name is derived from user input.

if (!file.getPath().startsWith(new File(prefix).getCanonicalPath())) {
        throw new IOException("Path traversal attempt detected: " + location);
}

🎯 Affected products1

  • maven/com.github.jknack:handlebars:< 4.5.2

🔗 References (2)